Symfony 3 - Not allowed to access app_dev.php

Daaaaa · Aug 17, 2016 · Viewed 8.8k times

I just bought some shared hosting (OVH.com - PHP 5.6.21) to host a Symfony 3 project (version 3.1.3).

When uploading the config.php file of Symfony on the server, it only displays 2 recommendation messages to improve the site speed, but nothing that could prevent the site from working. So, the hosting seems good enough to run this project properly.

I sent all the files and folders to the server, but when I try to reach the app_dev.php page, I get this error message:

You are not allowed to access this file. Check app_dev.php for more information.

I know I have to add my IP address to the allowed IPs array in the app_dev.php file, so here's what I did (XXX.XXX.XXX.XXX being my IP address):

if (isset($_SERVER['HTTP_CLIENT_IP'])
    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', 'XXX.XXX.XXX.XXX', 'fe80::1', '::1']) || php_sapi_name() === 'cli-server')
) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}

I tried different things to see where the problem could come from:

  • remove the !(in_array) part from the condition => Error 500
  • remove the whole condition block => I can reach the site (even if there are still some MySQL related errors)

The var/logs/dev.log file is totally empty, even if the rights are 777.

If you have any idea about where the problem might come from, I'd be glad if you could help me.

Thanks in advance for your help!

PS: when I try to reach the prod environment (app.php), I get an error 500, but the var/logs/prod.log file contains lines about MySQL errors... so I guess this is fine.

Answer

Gerry · Aug 17, 2016

Reading the code you know exactly what the problem is :) Or at least, it can be one of 2 reasons:

  • Your request contains a Client-IP or X-Forwarded-For header, which may be set by a reverse proxy (like Varnish) installed before your website.
  • You are not configuring the right IP address.

Regardless of the actual cause, it's advisable to NOT open up your app_dev.php front controller on your production server. Development should be done on your local machine. Tampering with this check might accidentally open up the development environment to the outside world.
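
To see which of the two causes named in the answer applies, the guard can be split into its clauses and run against sample requests. This is an added example, not part of the question, the answer or Symfony; the function name explainDevGuard is hypothetical, and the addresses and SAPI names are constructed sample values (203.0.113.7 stands in for XXX.XXX.XXX.XXX).

```php
<?php
/**
 * Report which clause of the app_dev.php guard rejects a request.
 *
 * @param array  $server  $_SERVER-style array for the request
 * @param array  $allowed addresses listed in app_dev.php
 * @param string $sapi    value of php_sapi_name() for that request
 * @return string[] reasons for the 403; empty when the guard lets the request in
 */
function explainDevGuard(array $server, array $allowed, $sapi)
{
    $reasons = [];

    // Clauses 1 and 2: the presence of either header denies access,
    // whatever REMOTE_ADDR is and whatever value the header carries.
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $key) {
        if (isset($server[$key])) {
            $reasons[] = "$key is set ({$server[$key]})";
        }
    }

    // Clause 3: REMOTE_ADDR must be in the list, unless PHP's built-in
    // development server (cli-server) is handling the request.
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : null;
    if (!in_array($remote, $allowed) && $sapi !== 'cli-server') {
        $reasons[] = 'REMOTE_ADDR ' . var_export($remote, true) . ' is not in the allowed list';
    }

    return $reasons;
}

// Constructed sample data: documentation and private address ranges only.
$allowed = ['127.0.0.1', '203.0.113.7', 'fe80::1', '::1'];
$samples = [
    'direct, listed address'   => [['REMOTE_ADDR' => '203.0.113.7'], 'fpm-fcgi'],
    'behind a reverse proxy'   => [['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'], 'fpm-fcgi'],
    'direct, unlisted address' => [['REMOTE_ADDR' => '198.51.100.23'], 'fpm-fcgi'],
    'built-in dev server'      => [['REMOTE_ADDR' => '198.51.100.23'], 'cli-server'],
];

foreach ($samples as $label => $sample) {
    list($server, $sapi) = $sample;
    $reasons = explainDevGuard($server, $allowed, $sapi);
    echo $label, ': ', $reasons ? '403 because ' . implode('; ', $reasons) : 'allowed', "\n";
}
```

In the reverse-proxy sample both clauses fire: the forwarded header is present and REMOTE_ADDR is the proxy's address rather than the visitor's, so adding your own IP to the list does not change the outcome.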